With Brexit getting closer and closer, one thing that you need to understand as a business owner is how Brexit will effect the GDPR.
The GDPR is an EU regulation, as we are sure you are aware. When the UK exits the EU, the EU GDPR will no longer be law in the UK. However, the UK government are planning to add this legislation into the UK law, sitting alongside the amended Data Protection Act of 2018.
The UK GDPR
The key principles of the GDPR will remain the same, and the UK government will also ensure the regulation applies to data controllers and processors outside of the UK. As long as their processing activities relate to:
- Offering goods or services to individuals within the UK
- Monitoring the behaviour of individuals taking place in the UK
If you are a UK-based business or organisation subject to the GDPR, and you transfer personal data either to or from other countries, here are some things to be aware of in preparation for Brexit.
How to prepare for Brexit
As with most things, you need to take the time to look at the data you are involved with now, and how this flows internationally. A GDPR audit is a great way to review your current processes and procedures.
Once you have completed this, it is then time to create a priority list. Consider which channels involve the transfer of large volumes of data, and any that are business-critical.
You also need to take the time to think about how you are going to transfer this data lawfully after the exit date. The best way to do this is to have a contract between you and the sender of the personal data. Our data protection officers can help you with this.
What are the key changes Brexit will bring to the GDPR?
There are 2 essential things to consider when the UK leaves the UK. Firstly, the UK rules of transferring data outside of the UK, and secondly, how the EU transfer rules will affect you sending personal data into the UK. In both of these instances, you can transfer personal data as long as it is covered by an adequacy decision, an appropriate safeguard, or an exception rule.
What about a no-deal Brexit?
As we have mentioned, as long as we leave Brexit with a deal, the GDPR is going to be incorporated into the UK law. However, leaving the EU with no-deal throws a slight spanner in the works. Sending data to the EU will not be a problem, as the government has agreed to trade under the European standards.
If you are receiving data, this is where problems may arise. Your business will need to review your contracts, and where necessary, include Standard Contractual Clauses to ensure you can legally receive data from outside of the UK.